options QUOTA # # <quota>
options INET # # <inet>
-options ABSOLUTETIME_SCALAR_TYPE
options NEW_VM_CODE # # <newvm>
options OLD_VM_CODE # # <!newvm>
options HW_AST # Hardware ast support # <hw_ast>
options MACH_IPC_DEBUG # Enable IPC debugging calls # <ipc_debug>
options MACH_IPC_TEST # Testing code/printfs # <ipc_test>
options MACH_LDEBUG # Sanity-check simple locking # <test>
+options CONFIG_ZLEAKS # Live zone leak debug sysctls # <zleaks>
options MACH_NP # Mach IPC support # <np>
options MACH_NBC # No buffer cache # <nbc>
options MACH_NET # Fast network access # <mach_net>
options MACH_XP # external pager support # <xp>
-options NORMA_IPC # NORMA IPC support # <norma_ipc>
-options NORMA_DEVICE # NORMA unified device names # <norma_device>
-options NORMA_VM # NORMA virtual memory support # <norma_vm>
-options NORMA_TASK # NORMA task support # <norma_task>
-options NORMA_ETHER # NORMA across ethernet # <norma_ether>
options SIMPLE_CLOCK # don't assume fixed tick # <simple_clock>
options XPR_DEBUG # kernel tracing # <xpr_debug>
options KDEBUG # kernel tracing # <kdebug>
+options IST_KDEBUG # limited kernel tracing # <ist_kdebug>
+options NO_KDEBUG # no kernel tracing # <no_kdebug>
options DDM_DEBUG # driverkit-style tracing # <ddm_debug>
options MACH_OLD_VM_COPY # Old vm_copy technology # <!newvm>
options NO_DIRECT_RPC # for untyped mig servers #
-options IPX # ipx stack # <ipx>
-options EON # # <eon>
-options ISO # ISO stack # <iso>
-options LLC # 802.2 support # <llc>
options LOOP # loopback support # <loop>
options MROUTING # multicast routing # <mrouting>
-options ROUTING # routing # <routing>
-options NETMIBS # # <netmibs>
options VLAN # # <vlan>
options BOND # # <bond>
options PF # Packet Filter # <pf>
-options PF_PKTHDR # PF tag inside mbuf pkthdr # <pf_pkthdr>
-options PKT_PRIORITY # Packet priority support # <pkt_priority>
+options PF_ALTQ # PF ALTQ (Alternate Queueing) # <pf_altq>
options PFLOG # PF log interface # <pflog>
+options PKTSCHED_CBQ # CBQ packet scheduler # <pktsched_cbq>
+options PKTSCHED_HFSC # H-FSC packet scheduler # <pktsched_hfsc>
+options PKTSCHED_PRIQ # PRIQ packet scheduler # <pktsched_priq>
+options PKTSCHED_FAIRQ # FAIRQ packet scheduler # <pktsched_fairq>
+options MEASURE_BW # interface bandwidth measurement # <measure_bw>
+options CLASSQ_BLUE # BLUE queueing algorithm # <classq_blue>
+options CLASSQ_RED # RED queueing algorithm # <classq_red>
+options CLASSQ_RIO # RIO queueing algorithm # <classq_rio>
options IPDIVERT # Divert sockets (for NAT) # <ipdivert>
-options IPFLOW # IP fast forwarding # <ipflow>
options IPFIREWALL # IP Firewalling (used by NAT) # <ipfirewall>
options IPFIREWALL_FORWARD #Transparent proxy # <ipfirewall>
options IPFIREWALL_DEFAULT_TO_ACCEPT # allow everything by default # <ipfirewall>
options IPFW2 # IP firewall (new version) # <ipfw2>
options MULTICAST # Internet Protocol Class-D $
options TCPDEBUG # TCP debug # <tcpdebug>
-options RANDOM_IP_ID # random (not sequential) ip ids # <randomipid>
options TCP_DROP_SYNFIN # Drop TCP packets with SYN+FIN set # <tcpdrop_synfin>
options ICMP_BANDLIM # ICMP bandwidth limiting sysctl
options IFNET_INPUT_SANITY_CHK # allow dlil/ifnet input sanity check # <ifnet_input_chk>
-options IFNET_ROUTE_REFCNT # count route references to ifnet # <ifnet_route_refcnt>
+options MULTIPATH # Multipath domain # <multipath>
+options MPTCP # Multipath TCP # <mptcp>
options SYSV_SEM # SVID semaphores # <sysv_sem>
options SYSV_MSG # SVID messages # <sysv_msg>
options SYSV_SHM # SVID shared mem # <sysv_shm>
options PSYNCH # pthread synch # <psynch>
-options PANIC_INFO # want kernel panic info # <panic_info>
options DEVELOPMENT # dev kernel # <development>
+options FLOW_DIVERT # <flow_divert>
# secure_kernel - secure kernel from user programs
options SECURE_KERNEL # <secure_kernel>
#
# 4.4 general kernel
#
-options SOCKETS # socket support # <inet, inet6, netat>
+options SOCKETS # socket support # <inet, inet6>
options DIAGNOSTIC # diagnostics # <diagnostic>
options CONFIG_DTRACE # dtrace support # <config_dtrace>
options GPROF # build profiling # <profile>
options SENDFILE # sendfile # <sendfile>
-options NETWORKING # networking layer # <inet, inet6, netat>
+options NETWORKING # networking layer # <inet, inet6>
options CONFIG_FSE # file system events # <config_fse>
options CONFIG_IMAGEBOOT # local image boot # <config_imageboot>
-options CONFIG_SOWUPCALL # SB_UPCALL on sowwakeup # <config_sowupcall>
-options CONFIG_MBUF_NOEXPAND # limit mbuf expansion # <config_mbuf_noexpand>
options CONFIG_MBUF_JUMBO # jumbo cluster pool # <config_mbuf_jumbo>
-options CONFIG_MBUF_TAGS_MALLOC # use malloc for tags # <config_mbuf_tags_malloc>
options CONFIG_FORCE_OUT_IFP # Enable IP_FORCE_OUT_IFP # <config_force_out_ifp>
options CONFIG_IFEF_NOWINDOWSCALE # Scale TCP window per driver # <config_ifef_nowindowscale>
options CONFIG_WORKQUEUE # <config_workqueue>
-
#
# 4.4 filesystems
#
options FFS # Fast Filesystem Support # <ffs>
options HFS # HFS/HFS+ support # <hfs>
+options MOCKFS # Boot from an executable # <mockfs>
options FIFO # fifo support # <fifo>
-options UNION # union_fs support # <union>
options FDESC # fdesc_fs support # <fdesc>
options DEVFS # devfs support # <devfs>
options JOURNALING # journaling support # <journaling>
options HFS_COMPRESSION # hfs compression # <hfs_compression>
+options CONFIG_HFS_STD # hfs standard support # <config_hfs_std>
+options CONFIG_HFS_TRIM # hfs trims unused blocks # <config_hfs_trim>
+options CONFIG_HFS_MOUNT_UNMAP #hfs trims blocks at mount # <config_hfs_mount_unmap>
+options CONFIG_HFS_DIRLINK #allow directory hardlink creation # <config_hfs_dirlink>
#
# file system features
options QUOTA # file system quotas # <quota>
options REV_ENDIAN_FS # Reverse Endian FS # <revfs>
options NAMEDSTREAMS # named stream vnop support # <namedstreams>
+options CONFIG_APPLEDOUBLE # apple double support # <config_appledouble>
options CONFIG_VOLFS # volfs path support (legacy) # <config_volfs>
options CONFIG_IMGSRC_ACCESS # source of imageboot dmg # <config_imgsrc_access>
+options CONFIG_TRIGGERS # trigger vnodes # <config_triggers>
+options CONFIG_EXT_RESOLVER # e.g. memberd # <config_ext_resolver>
+options CONFIG_SEARCHFS # searchfs syscall support # <config_searchfs>
#
# NFS support
options NFSCLIENT # Be an NFS client # <nfsclient>
options NFSSERVER # Be an NFS server # <nfsserver>
-#
-# AppleTalk Support
-#
-options NETAT # AppleTalk support # <netat>
-#options AURP_SUPPORT # AppleTalk Update Routing # <netat>
-
#
# Machine Independent Apple Features
#
options KERNEL_STACK # MI kernel stack support # <kernstack>
profile # build a profiling kernel # <profile>
-#
-# Point-to-Point Protocol support
-#
-pseudo-device ppp 2 # <ppp>
-
#
# IPv6 Support
#
options "INET6" # kernel IPv6 Support # <inet6>
+options IPV6SEND # Secure Neighbor Discovery # <ipv6send>
options IPSEC # IP security # <ipsec>
options IPSEC_ESP # IP security # <ipsec>
options "IPV6FIREWALL" # IPv6 Firewall Feature # <ipv6firewall>
pseudo-device gif 1 # <gif>
pseudo-device dummy 2 # <dummy>
-pseudo-device faith 1 # <faith>
pseudo-device stf 1 # <stf>
options crypto # <ipsec,crypto>
options ALLCRYPTO # <xlarge,large,medium>
-options randomipid # <inet,randomipid>
options ZLIB # inflate/deflate support # <zlib>
+options IF_BRIDGE # <if_bridge>
makeoptions LIBDRIVER = "libDriver_kern.o" # <libdriver>
makeoptions LIBOBJC = "libkobjc.o" # <kernobjc>
options CONFIG_VNODES=263168 # <large,xlarge>
options CONFIG_VNODES=263168 # <medium>
options CONFIG_VNODES=10240 # <small>
-options CONFIG_VNODES=1024 # <xsmall>
options CONFIG_VNODES=750 # <bsmall>
options CONFIG_VNODE_FREE_MIN=500 # <large,xlarge>
options CONFIG_NMBCLUSTERS="((1024 * 512) / MCLBYTES)" # <medium>
options CONFIG_NMBCLUSTERS="((1024 * 256) / MCLBYTES)" # <bsmall,xsmall,small>
-#
-# set maximum space used for packet buffers
-#
-options CONFIG_USESOCKTHRESHOLD=1 # <large,xlarge,medium>
-options CONFIG_USESOCKTHRESHOLD=0 # <bsmall,xsmall,small>
-
#
# Configure size of TCP hash table
#
options CONFIG_TCBHASHSIZE=4096 # <medium,large,xlarge>
options CONFIG_TCBHASHSIZE=128 # <xsmall,small,bsmall>
+#
+# Configure bandwidth limiting sysctl
+#
+options CONFIG_ICMP_BANDLIM=250 # <medium,large,xlarge>
+options CONFIG_ICMP_BANDLIM=50 # <xsmall,small,bsmall>
+
#
# configurable async IO options
# CONFIG_AIO_MAX - system wide limit of async IO requests.
options CONFIG_MFCTBLSIZ=128 # <small,xsmall>
options CONFIG_MFCTBLSIZ=16 # <bsmall>
+#
+# configurable kernel message buffer size
+#
+options CONFIG_MSG_BSIZE=4096 # <bsmall,small,xsmall>
+options CONFIG_MSG_BSIZE=16384 # <medium,large,xlarge>
+
#
# configurable kernel - use these options to strip strings from panic
# and printf calls.
options CONFIG_NO_KPRINTF_STRINGS # <no_kprintf_str>
#
-# configurable kernel - general switch to say we are building for an
-# embedded device
+# use finer-grained lock groups for the proc subsystem
#
-options CONFIG_EMBEDDED # <config_embedded>
-
-# only execute signed code. Hang this off config_embedded since there's
-# nothing more appropriate right now
-#
-options CONFIG_ENFORCE_SIGNED_CODE # <config_embedded>
+options CONFIG_FINE_LOCK_GROUPS # <medium,large,xlarge>
# support dynamic signing of code
#
options CONFIG_DYNAMIC_CODE_SIGNING # <dynamic_codesigning>
#
-# code decryption... used on embedded for app protection
-# must be set in all the bsd/conf and osfmk/conf MASTER files
+# User Content Protection, used on embedded
+#
+options CONFIG_PROTECT # <config_protect>
+
+#
+# enable per-process memory priority tracking
#
-options CONFIG_CODE_DECRYPTION # <config_embedded>
+options CONFIG_MEMORYSTATUS # <memorystatus>
#
-# User Content Protection, used on embedded
+# enable jetsam - used on embedded
#
+options CONFIG_JETSAM # <jetsam>
-options CONFIG_PROTECT # <config_protect>
+#
+# enable freezing of suspended processes - used on embedded
+#
+options CONFIG_FREEZE # <freeze>
+
+options CHECK_CS_VALIDATION_BITMAP # <config_cs_validation_bitmap>
+
+#
+# memory pressure event support
+# must be set in both bsd/conf and osfmk/conf MASTER files
+#
+options VM_PRESSURE_EVENTS # <vm_pressure_events>
+
+#
+# Enable inheritance of importance through specially marked mach ports and for file locks
+# For now debug is enabled wherever inheritance is
+#
+options IMPORTANCE_INHERITANCE # <importance_inheritance>
+options IMPORTANCE_DEBUG # <importance_inheritance>
+options CONFIG_TELEMETRY # <config_telemetry>
+
+options CONFIG_PROC_UUID_POLICY # <config_proc_uuid_policy>
+
+#
+# In-kernel tests
+#
+options CONFIG_IN_KERNEL_TESTS # <in_kernel_tests>
#
# Ethernet (ARP)
#
-pseudo-device ether # <networking,inet,inet6,netat>
+pseudo-device ether # <networking,inet,inet6>
#
# Network loopback device
#
-pseudo-device loop # <networking,inet,inet6,netat>
+pseudo-device loop # <networking,inet,inet6>
#
# UCB pseudo terminal service
#
pseudo-device vndevice 8 init vndevice_init # <large>
pseudo-device vndevice 4 init vndevice_init # <medium>
pseudo-device vndevice 3 init vndevice_init # <small>
+pseudo-device vndevice 2 init vndevice_init # <xsmall>
pseudo-device vndevice 2 init vndevice_init # <bsmall>
#
#
# packet filter device
#
-pseudo-device bpfilter 4 init bpf_init # <networking,inet,inet6,netat>
+pseudo-device bpfilter 4 init bpf_init # <networking,inet,inet6>
#
# fsevents device
pseudo-device systrace 1 init systrace_init # <config_dtrace>
pseudo-device fbt 1 init fbt_init # <config_dtrace>
pseudo-device profile_prvd 1 init profile_init # <config_dtrace>
-